If emphasis wasn’t already concentrated on the security of these connected vehicles, major oversight obviously…
Cariad emphasized that the data involved was not sensitive personal information like passwords or payment details, and no vehicles or services were impacted. Only certain vehicle data from online-connected cars were affected.
Mhm. This is the german version: https://www.heise.de/news/In-der-Cloud-abgelegt-Terabyte-an-Bewegungsdaten-von-VW-Elektroautos-gefunden-10220623.html
Summary: 10 TB of location data, half of it exact enough (10 cm) to allow conclusions to living conditions. Partially connected to app profiles with address and phone number.
Article says the following was breached:
Detailed location logs showing exactly where and when cars were parked.
Personal information of owners, such as names, email addresses, and phone numbers.
Insights into users’ routines, workplaces, leisure spots, and even sensitive visits, such as government offices, hospitals, and private establishments.
That is a lot of information about a person’s life.
Aggregating information can increase its sensitivity level, government employees deal with this on a regular basis; why are they giving data breeches like this the kiddie gloves?
maybe we could start to reduce the cost of electric cars by not overloading them with all the connected internet of shit crap?!?
i know the kids in china like to have karaoke machines in their cars… but i kinda just want bluetooth for my music and thats it.
It doesn’t cost them much of anything to include the modem (which is the main problem), and the data they receive is very valuable. I agree that less tech is good and all new cars (not just electric) are full of stuff I would prefer they came without. But the connected Internet shit also allows for software updates OTA. That’s a double edged sword. Without it you’d have to take your vehicle to a dealer if it needed a necessary software update (for a recall for instance). But obviously, having it means they can do things to your car without you even necessarily knowing or understanding what is happening (risky, for multiple reasons, including removing features with a botched software update).
This won’t persuade legislators to pass vehicle privacy laws one bit. Not until it personally affects them.
So what you are saying is that unless the next CEO assassin uses vehicle data to figure out where his target is it won’t happen?
Well if you frame it like that you might get their attention sooner.
Man… just stop putting complex computers that connect online, turning every fucking thing from your toaster to your whole house into an IoT. We don’t need this.
I just want four wheels with a steering wheel and a couple of pedals to operate my electric car. Not a god damn glorified tablet on wheels.
As people have been saying for years, the S in IoT stands for security.
😂 😂 😂 😂
What happens if I disable the Internet connection of my car?
Depends on the car and whether or not you can even get to that modem connection without tearing apart the interior. The main problem is if it’s linked to the main computer (ECU), or similar. If it is, your vehicle may be undrivable. It’s better to talk to the company who made your car and have them disable it. You may have to have a lawyer do so. If you’re buying a new car it is certainly possible to disagree to those terms that would activate it. But apparently not possible to have them build the car without it (which I think is bogus as hell). There was a big article about this after an investigation by Mozilla more than a year ago. People on reddit (I know !) were pretty mad about it then and they were looking for solutions. The consensus was that some cars you can get to the modem, some cars you can’t.
Also, you may not be able to receive necessary software updates (recalls etc) if you do disable it.
You are not allowed to drive anymore; your car needs to be able to call emergency response. Is an EU rule.
Edit: called eCall, compulsory.
When eCall is activated, it connects to the nearest emergency response centre, using both a telephone and data link. This allows you and the passengers in the vehicle to communicate with the emergency centre operator and at the same time, a minimum set of data is automatically transmitted (your exact location, the time of the accident, your vehicle’s identification number and direction of travel). This allows the emergency services to assess and manage your situation.
Your eCall system is only activated if your vehicle is involved in a serious accident. The rest of the time the system remains inactive. This means that when you are simply driving your vehicle, no tracking (registering your car’s position or monitoring your driving) or transmission of data takes place.
When a call is made through your 112-based eCall system, your personal data is processed according to EU data protection rules. This means that the emergency services only receive the limited data they need to deal with the accident situation, your data is not stored for any longer than necessary, and is removed when no longer required. Read more about EU data protection and privacy rules.
Important bit emphasised
Yes, thanks. My question is more, if the vendor already has to add a sim card and data plan, are they forbidden from using it for other things?
They don’t need a sim and days plan, if they only call 112.
using both a telephone and data link. […] a minimum set of data is automatically transmitted (your exact location, the time of the accident, your vehicle’s identification number and direction of travel).
G D P R
Can’t sue if nobody knows about it.
That sounds like it should be able to make a mobile call, not connect to the internet, but they probably require the latter.
VW just don’t understand software. The car computer in my Passat GTE 2020 is quite broken and they won’t fix it even during an 1000 € “official” service. I basically have to hack/flash the computer myself if I want it to become fully functional. Not really what I want to do, considering how much money I’ve been pouring into this silver beast…
Cariad emphasized that the data involved was not sensitive personal information like passwords or payment details, and no vehicles or services were impacted. Only certain vehicle data from online-connected cars were affected.
The company said “no[t] sensitive personal information” was involved. Nothing to see here. Move along. /s
What they actually said was, “None of our personal information was exposed, so we’re not concerned.”
Fortunately we can always trust what Volkswagen says.
Not.
All together now:
I. Told. You. So.
Fuck the pedons harder, daddies